[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].

The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!

* [http://www.flickr.com/photos/webguvenligi/4398278258/ 23 February OWASP-TR meeting] was held in Turkcell Akademi with members of OISF. Thank you guys!

+

A proactive approach on finding fake android applications on some of the biggest android stores. Just enter a term, and droidalert searches it for you in android stores.

−

== Chapter Brochure ==

+

* [http://code.google.com/p/chiasma/ Chiasma] by Bedirhan Urgun

−

[http://www.webguvenligi.org/docs/WGT_brosur.pdf Here you can view a brochure] explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [somewhat obsolete for a solid one and a half year].

A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work]

A compilation of a study on analyzing the possible behavior of a malicious developer...Inspired by [http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf Jeff Williams's Work]

Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.

+

+

Location: ODTÜ Kültür ve Kongre Merkezi, Ankara

+

+

Date: 22 May 2012, Tuesday

+

+

Time: 15:30 – 16:00

+

+

== OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012 ==

+

+

Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.

+

+

Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir

+

+

Date: 7 April 2012 Saturday

+

+

Time: 14:00 – 14:45

+

+

== OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012 ==

+

+

Bünyamin Demir of OWASP/TR will give a presentation titled as "

+

Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.

+

+

Location: İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul

+

+

Date: 31 March 2012 Saturday

+

+

Time: 10:00 – 13:00

+

+

Location 1: 1. Salon

+

Location 2: Toplantı Salonu

+

+

== OWASP/TR Talk in Open Source Code Days in Yeditepe University ==

+

+

Bunyamin Demir talked about OWASP and OWASP/Turkey introduction. After intro, he did a presentation about [http://seminer.linux.org.tr/wp-content/uploads/guvenli_kod_gelistirme_ve_yasam_dongusu.ppt "Secure Coding and Chaotic Life Cycle"].

Kubilay Onur Güngör will talk about OWASP and OWASP/Turkey (among other things). So don't miss the events if you're around.

+

[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around.

[http://www.shibumidojo.org/ Kubilay Onur Güngör] will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Chapter Brochure

Here you can view a brochure explaining in Turkish the action highlights of OWASP/Türkiye during the last one and a half year [obsolete for over two years].

Application Security Day, İstanbul 2012, Conference

Application Security Day, İstanbul 2012 will be held on 9 June, Saturday, in Marmara Üniversitesi Rektörlük Binası, Sultanahmet, İstanbul.
The event aims to present an environment where key and popular application security topics will be discussed and shared. Hundreds of developers, business owners and security practitioners will be ready to increase local application security awareness. Join us!

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.

A simple yet effective web based audit log monitoring service for Modsecurity v2. It consists of two basic parts; a (bash) shell script that parses serial logs into the mysql database and a php web application.

A Java,PHP and .NET based image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threats for XSS issues with IE and LFI attacks. Individual project pages; PSecureImage for PHP, JSecureImage for Java and NSecureImage for .NET

A collection of three components; an audit documentation in Turkish, a basic remote vulnerability scanner and an audit shell script fully aligned with the audit documentation. All for auditing and testing Apache Tomcat partial J2EE container.

MSALParser (pronounced \mi-säl\) implements necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC end that will get mlogc's calls and parses them into objects and eventually write to a persistent data store.

For most of the languages and frameworks, developers have to implement their own functions to defend against CSRF. AntiCsrf is a basic and light library for defending against CSRF for PHP applications.

FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and missing some features however it has got some advanced RegEx capturing features for scraping data out of web applications.

MSALMobile, a basic windows mobile application and consuming MSALService, is a simple mobile ModSecurity log analyzer for Windows Mobile environment. See a video of MSALMobile in action on www.webguvenligi.org.

A playground for reflected xss test cases. The live project includes seven test cases ready to exploit. A legal and solid way to learn and apply xss skills. Moreover, a good way to test web application scanners on reflected xss testing...

Web.config file holds settings about related ASP.NET web application. This project analyzes a given Web.config file for security vulnerabilities with its 30+ checks. It's a command line too for now and produces a neat html based report.

Meetings/Conferences

OWASP/TR Presentation in Android Developer Days 2012 in ODTU Ankara

Bedirhan Urgun of OWASP/TR will give a presentation on "Developing Secure Android Days" on 22 May from 15:30-16:00 in Android Developer Days, 2012. The presentation will take place in ODTU, Ankara.

Location: ODTÜ Kültür ve Kongre Merkezi, Ankara

Date: 22 May 2012, Tuesday

Time: 15:30 – 16:00

OWASP/TR Presentation in ReadMee Internet Zirvesi, 2012

Seyfullah Kılıç will give a presentation titled "Web Güvenliği ve Korunma Yolları" on 07 April Saturday from 14:00-14:45 in ReadMee Internet Zirvesi, 2012. The presentation will take place in Eskişehir Osmangazi Üniversitesi, Eskişehir.

Location: Eskişehir Osmangazi Üniversitesi Meşelik Kampüsü, Eskişehir

Date: 7 April 2012 Saturday

Time: 14:00 – 14:45

OWASP/TR Presentation in Özgür Yazılım ve Linux Günleri, 2012

Bünyamin Demir of OWASP/TR will give a presentation titled as "
Güvenli Kod Geliştirme" and will hold a chapter meeting "OWASP Türkiye Chapter Meeting (Çalışma Toplantısı)" on 31 March Saturday from 10:00-13:00 in Özgür Yazılım ve Linux Günleri, 2012. The presentations will take place in İstanbul Bilgi Üniversitesi Dolapdere Kampüsü, İstanbul.

Kubilay Onur Güngör will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around.

Kubilay Onur Güngör will start with OWASP and OWASP/Turkey introduction. After intro, cyber security concept, web application security, social theories of criminal behaviors and many other topics will be discussed. So don't miss the events if you're around.

OWASP/TR Seminar in İstanbul Kültür Universitesi, 29 December 2009

We'll be hosting a free seminar in İstanbul Kültür Üniversitesi, Ataköy Kampüsü, Önder Öztunalı Konferans Salonu. Topics will include "introduction to OWASP/TR", "siber security", "security best practices and standards". It will also include a demo on digital investigation.

October 11, 2009 OWASP/TR on the Green Field

Teams formed by OWASP-Turkey mailing list members will play a soccer match on Sunday, 18:00 October the 11th. We'll seek our Messis, Zidanes, Kakas, Lampards, Chechs stemmed from the Anatolian land... National team may not be qualified for the 2010 World Championship, which is a shame, but we'll do better next time.

Artifacts - OWASP-Turkey Meeting in September 26, 2009

30 people gathered for the OWASP/TR meeting. Here's the agenda of the meeting. Moreover, Ibrahim Saruhan gave a presentation on his experiences writing a PoC Facebook botnet. Thanks everyone for participating.

OWASP-TR Seminar in Kocaeli University, 06 May 2009

We'll be hosting a free seminar in Math. Department of Kocaeli University about OWASP and OWASP/Turkey including the basics of well known attack vectors and prevention techniques on 6th (Wednesday) of May 2009, starting from 15:30.

Talk in Information Techonology Days '09 in Sakarya University

We'll be giving two talks in "Information Techonology Days" about OWASP and OWASP/Turkey in Sakarya University on 19th of March 2009. The talk will include an introduction to OWASP, OWASP/Turkey as a community. Plus, Jarvinen, an OWASP/TR project, will be presented.

Artifacts - Fifth OWASP-Turkey Meeting in March 08, 2009

We had close to 35 people gathered. Here's the agenda of the meeting. Moreover, Fatih Emiral gave a presentation comparing three main Software Security models. Thanks everyone for participating.

Fifth OWASP-Turkey Meeting in March 08, 2009

A regular meeting on web/software security related issues&techniques&news. The meeting will take place in Istanbul, Maltepe, beween 13:00-15:00, on 08th of March, Sunday.
Here's the map for the meeting place
If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)

Artifacts - Web Security Days Kocaeli December 2008

With over 50 attendees we had our 4th Web Security Days in Kocaeli University at Umuttepe Campus.

Fourth OWASP-Turkey Meeting in October 18, 2008

A catch up meeting on web/software security related issues&techniques&news. Moreover, OWASP sent goodies (to the most active chapters) will be distributed (This includes 27 OWASP books and 19 pens). It will take place in Istanbul, İstiklal Cad.Emir Nevruz Sok. No: 1/11 Galatasaray Beyoğlu beween 14:00-16:00, on 18th of October. If you want to attend the event, please send an e-mail to: urgunb at hotmail.com (Bedirhan Urgun)

Talk in Free Software Conference in Ankara

We'll be giving a talk in "Free Software Conference" about OWASP and OWASP/Turkey in TOBB University of Economics and Technology on 21st (Saturday) of June 2008. The talk will include an introduction to OWASP, OWASP/Turkey, as well as web/application security projects achieved in Turkey.

The Day will start at 09:30 and our talk, which will be presented by Mesut Timur, will be between 15.00-15.30. You can skim the programme here.

Talk in Open Source Code Day in Yildiz Technical University

We'll be giving a talk in "Open Source Code Day" about OWASP and OWASP/Turkey in Yildiz Technical University on 19th of April 2008. The talk will include an introduction to OWASP, OWASP/Turkey, web/application security community in Turkey, the 1st OWASP Day video by Jeff and a live application insecurity demo.

The Day will start at 09:30 and our talk will be the last one before the noon.

Artifacts - March 09 2008 Meeting

It was a nice Sunday in Istanbul and we had 16 people talking about SPoC 08, April OWASP Week and web application security in general. Here are the pictures taken during the meeting.

March 09 Meeting

A casual meeting for anyone interested in web/software security. It will take place in Istanbul, Kadikoy at 14:30, on 09 March. To chat and enjoy the Bosphorus!

Artifacts - Web Security Days Ankara & İzmir November 2007

Through a foggy, and therefore a hard flight, we've managed to realize Web Security Days 2 & 3 in Ankara and Izmir, respectively. Having a total of ~130 attendees (most of them in Izmir), we hope WSD to be traditional and become more qualitysome.

Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007)

Q1.
What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)?

A1.
During the meeting an effort was made to clarify the meaning of privacy;

- what are the key items that builds up to "privacy"?
- are we talking about the privacy of real people or should we also include the privacy of legal entities?
- is there really a solid line (or even a vague line) between confidentiality and privacy?

We defined privacy as confidentiality of the data; be it of a real person or a legal entity.
But the key part is that privacy is "the ability to control the flow of one's own data". And which brings another principle: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism.

Enough of these convulsions;
The answer to the first question was a definite "YES". Participants were all agreed that "privacy" plays and will play the most important role in web security and its future.

Q2.
Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?

A2.
Most of the participants agreed that a law is a necessity.
But, maybe, more important thing is to raise the awareness of the customers.
Here we also had a discussion on the current status of the law on privacy? There are mainly three
documents on privacy in Turkish law;

* a directive on privacy in telecommunication, which happened to be inadequate (an assertion of a lawyer)
* a draft law on privacy from Department of Justice, which is still in the process of approval
* a recent (May 2007) law on siber crimes which happens to be similiar to the "Directive 2006/24/EC of the
European Parliament and of the Council" on the data retention. This law, however, still needs a few
directives, which are about to be published.

Q3.
Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?

A3.
As a first step there should be an "agreement" presented to the user by the application side.
This wouldn't be enough so there should be regular inspections (a third eye) on these services.
About "is the client nowadays safeguarded about a possible loss of privacy?" question, the answer
was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts
dictated a bank to compansate the loss of the victim, however, mostly this is not the case. Even there is
a domain serving, founded by the victims of online banking crimes in Turkey.

Q4.
What should OWASP be focusing on?

A4.
As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable gui
on small programming tips to avoid security holes in web applications.

And a great idea of producing a "FixmeBank" application to cover the developer side of the story, as opposed to tester/attacker side (via WebGoat or HacmeBank), was suggested by Taygun Alban.

Q5.
What would OWASP spend it's grant money? (note that new OWASP members can allocate some or all of their membership fees to specific projects)

Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007)

As a part of the Global Security Week, OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and time taking compared to last event (Web Security Days) we will be focusing on the current snapshot of the privacy related issues in the govermental/quasi-governmental and private institutions of Turkey.

A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.

Bedirhan URGUN, Bunyamin DEMİR

14:20 - 14:50 Privacy in Governmental Insitutions - A Current State Analysis

Presentation will discuss the understanding of the privacy concept settled in governmental institutions and deliberate on general information security problems related with privacy issues.

Getting off with general privacy problems, in specific, information about the privacy issues related to web applications will be given. Moreover, concrete suggestions on providing a solid privacy in these institutions will be presented.

Hayrettin BAHŞİ
Chief Researcher CC Lab-UEKAE TUBITAK

15:00 - 15:50 Secure Web Application Development

Korhan GÜRLER
Chief Researcher PRO-G

15:00 - 16:00 A Panel on Privacy in Turkey

OWASP-Turkey Members

Last Event - 1st Web Security Days - July 14 (Turkey 2007)

First of the Web Security Days has been realized by Owasp-Turkey chapter on 14th of July 2007 in İstanbul. With a ~70 registered attendees, it was great to have a pack of web security oriented people for a five hours of mostly technical presentations.